The Purple Tornado Delivers DHS Report Concerning Worldwide Digital Security Vulnerabilities
TWENTYNINE PALMS, Calif., Dec. 17, 2019 /PRNewswire/ -- The Purple Tornado, a foresight and strategic intelligence consultancy that delivers thinktank research insights for corporate and government use, has announced a report addressing critical vulnerabilities in U.S. Non-Person Entity (NPE) digital identities. Commissioned by the Department of Homeland Security with specific emphasis on Banking and Finance, the report yields far-reaching implications for virtually every industry. In response to its findings The Purple Tornado proposes a new taxonomy for non-human identity in the form of Self-Sovereign Identities (SSI) that will be of indispensable use in future and vital to the resiliency of U.S. national security.
Digital Identity, Non-Person Entities and the IoT
Simply expressed, digital identity is the infrastructure necessary to perform or do almost every action on the Internet. Both companies and individuals have separate, though not autonomous, digital identities. It has been generally accepted that companies explicitly own the digital identities of the people who use their services.
The ubiquitous use of centralized databases by companies -- coupled with the low integrity of that data -- has put the identities and resources of millions of people at daily risk from cyberattack. And although a myriad of solutions have been tried with varying degrees of success, these digital risks continue to be exploited on a constant and sustained basis by cybercriminals.
"Private Sector companies build products and services for market segments where they can make profits. This leaves certain broader technology problems unsolved. The technology responsible for web browser was similarly funded. This research identifies 11 market gaps - problems the private sector is not solving today," said Heather Vescent, CEO of The Purple Tornado. "Solving these problems is critical to safeguard privacy and increase security for governments, companies and individuals."
Entities, Identities, Registries: The Market Gaps
Recognizing the implications of these technological advancements The Purple Tornado has defined market gaps within its research as problems that the market failed to provide a solution for. In most cases these categories emerged as market gaps when there was a problem or need without a solution. The Purple Tornado finds critical vulnerabilities in the following markets;
-- Legal Identity of Corporations: Digitally native identity credentials
don't exist, nor do ways to receive and give verified credentials about
an organization's identity from an authoritative source.
-- Conclusive Ultimate Beneficial Owner: Banks aren't required by statute
to conclusively find the Ultimate Beneficial Owner (UBO) of a company
before proceeding.
-- Conclusive Verified Corporate Data *: In the digital world, there is no
standard way to find verified corporate identity data, like legal name,
address and jurisdiction along with the identification of authorized
delegates who have authority to sign contracts, transfer funds, and take
action on behalf of the company.
-- Corporate Delegation: Companies have humans that manually enter into
contracts, make financial transactions, and undertake other actions on
behalf of the corporation, lending to propagation latency.
-- Real-Time Verified Identity: Identifies a missing piece to the Corporate
Delegation process: real-time confirmation that a delegatee has the
authority to take the action they are requesting to take on behalf of
the company. Current corporate delegation data is updated anywhere from
30 days to 2 years.
-- NPE Responsibility: Scrutinizes the relationships and responsibilities
of the company (an NPE) selling NPE IoT devices to a human owner.
-- Legal Identity of IoT Things: Identifies concerns that there are no
universal standards or regulations around which IoT objects have an
identity assigned at "birth."
-- Tracking and Auditing Goods in the Supply Chain: While many goods are
tracked with a barcode or serial number, there is the desire to more
thoroughly track goods in the supply chain, including their components,
sources of raw material, and the chain of custody. This information
could differentiate between a licensed and unlicensed product as well as
verify any origin claims.
-- IoT Security Standards *: Smart homes, surveillance devices, connected
appliances, and vehicles have persistent and structural vulnerabilities
that makes them difficult to secure for many real-world situations.
-- IoT Self-Authentication *: While Legal Identity describes the legal
identity assigned to a thing; IoT Self-Authentication uses built in
identity to prove the device is the device it says it is.
-- Data Integrity from IoT Sensors *: Addresses a vulnerability in the lack
of ability for a human to verify the data retrieved from a sensor is
authentic. There is no mechanism to verify data coming off sensors,
drones, and other IoT data-generating devices is reliable for
high-security applications.
While the report focuses on the relationships between humans and NPEs within banking, finance and the IoT, the implications of the market gaps discovered apply to virtually every industry including the military, government, supply chain, healthcare and retail.
Self-Sovereign Identity (SSI) Technologies: A New Taxonomy
The Purple Tornado is now exploring SSI technologies that give companies and private individuals the ability to manage and control their own digital identifiers. SSI is gaining momentum as it solves multiple identity challenges, and presents a new paradigm shift that will inevitably change the future of identity completely.
The full report on 'Entities, Identities, Registries: Exploring the Gaps in Corporate and IoT Identity' can be found online at https://bit.ly/NPEreport.
* Market Gap where current solution became obsolete, fell short in its adoption, was costly for broad adoption, or is in early stages of development.
About The Purple Tornado
The Purple Tornado is a foresight and strategic intelligence consultancy that delivers thinktank research insights for corporate and government use. In addition to winning multiple awards from the Association of Professional Futurists, The Purple Tornado produces films and has authored and co-authored multiple volumes on cyber issues and digital identity. The firm's research has been covered by the New York Times, CNN, American Banker, CNBC, Fox and the Atlantic. Learn more about The Purple Tornado, its ongoing research and future reports at: www.ThePurpleTornado.com. Follow The Purple Tornado on LinkedIn or on Twitter @purple_tornado.
Media Contact
Please reach out to Josh Pasqualini at josh@anycontext.com with any questions or inquiries.
View original content:http://www.prnewswire.com/news-releases/the-purple-tornado-delivers-dhs-report-concerning-worldwide-digital-security-vulnerabilities-300975510.html
SOURCE The Purple Tornado
